6329 matches found
CVE-2026-9180
MotoPress Appointment Booking for WordPress (versions up to 2.4.4) is vulnerable to an Authorization Bypass via a user-controlled booking_id. The REST endpoint POST /motopress/appointment/v1/bookings is registered with a permissive permission_callback (return_true ), and createBooking() loads the...
EUVD-2026-41492
The MotoPress Appointment Booking plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.4.4. This is due to the POST /motopress/appointment/v1/bookings REST endpoint being registered with 'permissioncallback' = 'returntrue',...
CVE-2026-10823
creationtimestamp| type| source ---|---|--- 2026-06-29 12:00:04+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-10823.yaml 2026-06-30 00:00:03+00:00| confirmed|...
CVE-2026-55592
creationtimestamp| type| source ---|---|--- 2026-06-22 02:53:55+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-55592.yaml 2026-06-24 15:00:04+00:00| confirmed|...
CVE-2026-54066
creationtimestamp| type| source ---|---|--- 2026-06-19 07:23:13+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-54066.yaml...
CVE-2026-54069
creationtimestamp| type| source ---|---|--- 2026-06-17 04:18:47+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-54069.yaml...
CVE-2025-61224
creationtimestamp| type| source ---|---|--- 2026-06-16 04:05:56+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-61224.yaml...
CVE-2026-50230
creationtimestamp| type| source ---|---|--- 2026-06-12 02:49:16+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-50230.yaml...
CVE-2026-2652
creationtimestamp| type| source ---|---|--- 2026-06-04 09:46:33+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-2652.yaml...
EUVD-2026-34094
ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...
CVE-2026-39352
creationtimestamp| type| source ---|---|--- 2026-05-25 09:50:58+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-39352.yaml...
CVE-2024-9362
creationtimestamp| type| source ---|---|--- 2026-05-23 14:18:54+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-9362.yaml...
CVE-2026-43913
A flaw was found in Vaultwarden, a Bitwarden-compatible server. An authenticated user, who has been invited as an organization owner and accepted the invitation but has not yet been confirmed by an existing owner, can exploit this vulnerability. By calling a specific API endpoint, this user can...
CVE-2024-4322
creationtimestamp| type| source ---|---|--- 2026-05-10 12:00:46+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-4322.yaml...
CVE-2026-40878
creationtimestamp| type| source ---|---|--- 2026-05-07 09:12:24+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-40878.yaml...
CVE-2024-32825
creationtimestamp| type| source ---|---|--- 2026-04-23 06:53:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-32825.yaml 2026-04-23 21:03:12+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mk6vwtumpd2m...
CVE-2025-62039
creationtimestamp| type| source ---|---|--- 2026-04-22 16:54:21+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-62039.yaml 2026-04-23 21:03:14+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mk6vwu4jqz2i...
CVE-2021-26947
creationtimestamp| type| source ---|---|--- 2026-04-20 05:29:04+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-26947.yaml...
CVE-2026-41179
creationtimestamp| type| source ---|---|--- 2026-04-19 12:17:45+00:00| published-proof-of-concept| https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q 2026-04-19 12:17:45+00:00| published-proof-of-concept|...
CVE-2026-33020
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixelframeconverttorgb888 in frame.c, where allocation size and pointer offset computations for palettised images PAL1, PAL...